Re: [WebDNA] PCI Vulnerability testing

This WebDNA talk-list message is from 2009.
It seems removeHTML is a way to go, although I have not tested what happens with URLed characters. If going grep or getchars, I would use a white list and not limit the length. Otherwise long variables will pass the troublesome code.

Bill

On Mon, Apr 13, 2009 at 3:09 PM, Govinda wrote:
> [removehtml][userInput][/removehtml]
> -G
>
> On Apr 13, 2009, at 12:47 PM, William DeVaul wrote:
>
>> I have no idea about a server level fix. This goes to never trusting
>> user input. I thought it should always be surrounded by [raw] and
>> [url] to prevent this.
>>
>> What do others do?
>>
>> Bill

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  2. Re: [WebDNA] PCI Vulnerability testing (Jeffrey Jones 2009)
  3. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  4. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  5. Re: [WebDNA] PCI Vulnerability testing (Jeffrey Jones 2009)
  6. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  7. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  8. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  9. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  10. Re: [WebDNA] PCI Vulnerability testing ("Psi Prime, Matthew A Perosi " 2009)
  11. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  12. Re: [WebDNA] PCI Vulnerability testing (Govinda 2009)
  13. Re: [WebDNA] PCI Vulnerability testing (Marc Thompson 2009)
  14. Re: [WebDNA] PCI Vulnerability testing (William DeVaul 2009)
  15. [WebDNA] PCI Vulnerability testing (Bob Minor 2009)
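To illustrate the two points in Bill's reply (percent-encoded characters can slip past a tag stripper that runs before decoding, and an allow-list check needs no length cap), here is an added Python sketch; it is not WebDNA and not code from the thread, and the allow-list pattern is an assumed policy.

```python
import re
from urllib.parse import unquote

# Naive tag stripper: removes anything that already looks like <...> in the raw value.
TAG_RE = re.compile(r"<[^>]*>")

# Allow-list (hypothetical policy, not from the thread): letters, digits, space and a
# few punctuation marks. It deliberately excludes < > & " ' and %, so neither literal
# markup nor percent-encoded markup can satisfy it.
ALLOWED_RE = re.compile(r"^[A-Za-z0-9 .,@-]*$")


def strip_tags(value: str) -> str:
    """Remove literal <...> sequences from the value exactly as received."""
    return TAG_RE.sub("", value)


def strip_tags_after_decoding(value: str) -> str:
    """Percent-decode first, then strip; closes the gap for URL-encoded angle brackets."""
    return TAG_RE.sub("", unquote(value))


def whitelist_ok(value: str) -> bool:
    """Accept only if every character of the decoded value is in the allow-list.
    No length cap: a long value of permitted characters passes, while a short
    value containing a single disallowed character fails."""
    return ALLOWED_RE.fullmatch(unquote(value)) is not None


def classify(value: str) -> dict:
    """Run all three checks on one input so the differences are visible side by side."""
    return {
        "strip_raw": strip_tags(value),
        "strip_decoded": strip_tags_after_decoding(value),
        "whitelist": whitelist_ok(value),
    }


if __name__ == "__main__":
    # Constructed sample inputs (not from the thread): plain text, literal markup,
    # the same markup percent-encoded, and a long but clean value.
    for sample in ("Bill", "<b>Bill</b>", "%3Cb%3EBill%3C/b%3E", "a" * 5000):
        print(repr(sample[:30]), classify(sample))
```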
